[apple/security.git] / libsecurity_apple_csp / lib / DH_utils.cpp

/*
 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


/*
 * DH_utils.cpp
 */

#include "DH_utils.h"
#include "DH_keys.h"
#include <opensslUtils/opensslAsn1.h>
#include <security_utilities/logging.h>
#include <security_utilities/debugging.h>
#include <opensslUtils/opensslUtils.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/err.h>

#define dhMiscDebug(args...)	secdebug("dhMisc", ## args)

/* 
 * Given a Context:
 * -- obtain CSSM key with specified attr (there must only be one)
 * -- validate keyClass per caller's specification
 * -- validate keyUsage
 * -- convert to DH *, allocating the DH key if necessary
 */
DH *contextToDhKey(
	const Context		&context,
	AppleCSPSession 	&session,
	CSSM_ATTRIBUTE_TYPE	attr,		  // CSSM_ATTRIBUTE_KEY for private key
									  // CSSM_ATTRIBUTE_PUBLIC_KEY for public key
	CSSM_KEYCLASS		keyClass,	  // CSSM_KEYCLASS_{PUBLIC,PRIVATE}_KEY	
	CSSM_KEYUSE			usage,		  // CSSM_KEYUSE_ENCRYPT, CSSM_KEYUSE_SIGN, etc.
	bool				&mallocdKey)  // RETURNED
{
    CssmKey *cssmKey = context.get<CssmKey>(attr);
	if(cssmKey == NULL) {
		return NULL;
	}
	const CSSM_KEYHEADER &hdr = cssmKey->KeyHeader;
	if(hdr.AlgorithmId != CSSM_ALGID_DH) {
		CssmError::throwMe(CSSMERR_CSP_ALGID_MISMATCH);
	}
	if(hdr.KeyClass != keyClass) {
		CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
	}
	cspValidateIntendedKeyUsage(&hdr, usage);
	cspVerifyKeyTimes(hdr);
	return cssmKeyToDh(*cssmKey, session, mallocdKey);
}

/* 
 * Convert a CssmKey to an DH * key. May result in the 
 * creation of a new DH (when cssmKey is a raw key); allocdKey is true 
 * in that case in which case the caller generally has to free the allocd key).
 */
DH *cssmKeyToDh(
	const CssmKey	&cssmKey,
	AppleCSPSession	&session,
	bool			&allocdKey)		// RETURNED
{
	DH *dhKey = NULL;
	allocdKey = false;
	
	const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader;
	if(hdr->AlgorithmId != CSSM_ALGID_DH) {
		// someone else's key (should never happen)
		CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
	}
	switch(hdr->BlobType) {
		case CSSM_KEYBLOB_RAW:
			dhKey = rawCssmKeyToDh(cssmKey);
			cspDhDebug("cssmKeyToDh, raw, dhKey %p", dhKey);
			allocdKey = true;
			break;
		case CSSM_KEYBLOB_REFERENCE:
		{
			BinaryKey &binKey = session.lookupRefKey(cssmKey);
			DHBinaryKey *dhBinKey = dynamic_cast<DHBinaryKey *>(&binKey);
			/* this cast failing means that this is some other
			 * kind of binary key */
			if(dhBinKey == NULL) {
				CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
			}
			assert(dhBinKey->mDhKey != NULL);
			dhKey = dhBinKey->mDhKey;
			cspDhDebug("cssmKeyToDh, ref, dhKey %p", dhKey);
			break;
		}
		default:
			CssmError::throwMe(CSSMERR_CSP_KEY_BLOB_TYPE_INCORRECT);
	}
	return dhKey;
}

/* 
 * Convert a raw CssmKey to a newly alloc'd DH key.
 */
DH *rawCssmKeyToDh(
	const CssmKey	&cssmKey)
{
	const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader;
	bool isPub = false;
	
	if(hdr->AlgorithmId != CSSM_ALGID_DH) {
		// someone else's key (should never happen)
		CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
	}
	assert(hdr->BlobType == CSSM_KEYBLOB_RAW); 
	/* validate and figure out what we're dealing with */
	switch(hdr->KeyClass) {
		case CSSM_KEYCLASS_PUBLIC_KEY:
			switch(hdr->Format) {
				case CSSM_KEYBLOB_RAW_FORMAT_PKCS3:	
				case CSSM_KEYBLOB_RAW_FORMAT_X509:
					break;
				/* openssh real soon now */
				case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH:
				default:
					CssmError::throwMe(
						CSSMERR_CSP_INVALID_ATTR_PUBLIC_KEY_FORMAT);
			}
			isPub = true;
			break;
		case CSSM_KEYCLASS_PRIVATE_KEY:
			switch(hdr->Format) {
				case CSSM_KEYBLOB_RAW_FORMAT_PKCS3:	// default
				case CSSM_KEYBLOB_RAW_FORMAT_PKCS8:	// SMIME style
					break;
				/* openssh real soon now */
				case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH:
				default:
					CssmError::throwMe(
						CSSMERR_CSP_INVALID_ATTR_PRIVATE_KEY_FORMAT);
			}
			isPub = false;
			break;
		default:
			CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
	}
	
	CSSM_RETURN crtn;

	DH *dhKey = DH_new();
	if(dhKey == NULL) {
		crtn = CSSMERR_CSP_MEMORY_ERROR;
	}
    else
    {
        if(isPub) {
            crtn = DHPublicKeyDecode(dhKey, hdr->Format,
                cssmKey.KeyData.Data, cssmKey.KeyData.Length);
        }
        else {
            crtn = DHPrivateKeyDecode(dhKey, hdr->Format,
                cssmKey.KeyData.Data, cssmKey.KeyData.Length);
        }
    }
    
	if(crtn) {
        if (dhKey != NULL) {
            DH_free(dhKey);
        }
        
        CssmError::throwMe(crtn);
	}
	cspDhDebug("rawCssmKeyToDh, dhKey %p", dhKey);
	return dhKey;
}
Commit	Line	Data
b1ab9ed8 A	1	/*
	2	* Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
	3	*
	4	* The contents of this file constitute Original Code as defined in and are
	5	* subject to the Apple Public Source License Version 1.2 (the 'License').
	6	* You may not use this file except in compliance with the License. Please obtain
	7	* a copy of the License at http://www.apple.com/publicsource and read it before
	8	* using this file.
	9	*
	10	* This Original Code and all software distributed under the License are
	11	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
	12	* OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
	13	* LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
	14	* PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
	15	* specific language governing rights and limitations under the License.
	16	*/
	17
	18
	19	/*
	20	* DH_utils.cpp
	21	*/
	22
	23	#include "DH_utils.h"
	24	#include "DH_keys.h"
	25	#include <opensslUtils/opensslAsn1.h>
	26	#include <security_utilities/logging.h>
	27	#include <security_utilities/debugging.h>
	28	#include <opensslUtils/opensslUtils.h>
	29	#include <openssl/bn.h>
	30	#include <openssl/dh.h>
	31	#include <openssl/err.h>
	32
	33	#define dhMiscDebug(args...) secdebug("dhMisc", ## args)
	34
	35	/*
	36	* Given a Context:
	37	* -- obtain CSSM key with specified attr (there must only be one)
	38	* -- validate keyClass per caller's specification
	39	* -- validate keyUsage
	40	* -- convert to DH *, allocating the DH key if necessary
	41	*/
	42	DH *contextToDhKey(
	43	const Context &context,
	44	AppleCSPSession &session,
	45	CSSM_ATTRIBUTE_TYPE attr, // CSSM_ATTRIBUTE_KEY for private key
	46	// CSSM_ATTRIBUTE_PUBLIC_KEY for public key
	47	CSSM_KEYCLASS keyClass, // CSSM_KEYCLASS_{PUBLIC,PRIVATE}_KEY
	48	CSSM_KEYUSE usage, // CSSM_KEYUSE_ENCRYPT, CSSM_KEYUSE_SIGN, etc.
	49	bool &mallocdKey) // RETURNED
	50	{
	51	CssmKey *cssmKey = context.get<CssmKey>(attr);
	52	if(cssmKey == NULL) {
	53	return NULL;
	54	}
	55	const CSSM_KEYHEADER &hdr = cssmKey->KeyHeader;
	56	if(hdr.AlgorithmId != CSSM_ALGID_DH) {
	57	CssmError::throwMe(CSSMERR_CSP_ALGID_MISMATCH);
	58	}
	59	if(hdr.KeyClass != keyClass) {
	60	CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
	61	}
	62	cspValidateIntendedKeyUsage(&hdr, usage);
	63	cspVerifyKeyTimes(hdr);
	64	return cssmKeyToDh(*cssmKey, session, mallocdKey);
65	}
66
67	/*
68	* Convert a CssmKey to an DH * key. May result in the
69	* creation of a new DH (when cssmKey is a raw key); allocdKey is true
70	* in that case in which case the caller generally has to free the allocd key).
71	*/
72	DH *cssmKeyToDh(
73	const CssmKey &cssmKey,
74	AppleCSPSession &session,
75	bool &allocdKey) // RETURNED
76	{
77	DH *dhKey = NULL;
78	allocdKey = false;
79
80	const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader;
81	if(hdr->AlgorithmId != CSSM_ALGID_DH) {
82	// someone else's key (should never happen)
83	CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
84	}
85	switch(hdr->BlobType) {
86	case CSSM_KEYBLOB_RAW:
87	dhKey = rawCssmKeyToDh(cssmKey);
88	cspDhDebug("cssmKeyToDh, raw, dhKey %p", dhKey);
89	allocdKey = true;
90	break;
91	case CSSM_KEYBLOB_REFERENCE:
92	{
93	BinaryKey &binKey = session.lookupRefKey(cssmKey);
94	DHBinaryKey dhBinKey = dynamic_cast<DHBinaryKey >(&binKey);
95	/* this cast failing means that this is some other
96	* kind of binary key */
97	if(dhBinKey == NULL) {
98	CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
99	}
100	assert(dhBinKey->mDhKey != NULL);
101	dhKey = dhBinKey->mDhKey;
102	cspDhDebug("cssmKeyToDh, ref, dhKey %p", dhKey);
103	break;
104	}
105	default:
106	CssmError::throwMe(CSSMERR_CSP_KEY_BLOB_TYPE_INCORRECT);
107	}
108	return dhKey;
109	}
110
111	/*
112	* Convert a raw CssmKey to a newly alloc'd DH key.
113	*/
114	DH *rawCssmKeyToDh(
115	const CssmKey &cssmKey)
116	{
117	const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader;
118	bool isPub = false;
119
120	if(hdr->AlgorithmId != CSSM_ALGID_DH) {
121	// someone else's key (should never happen)
122	CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
123	}
124	assert(hdr->BlobType == CSSM_KEYBLOB_RAW);
125	/* validate and figure out what we're dealing with */
126	switch(hdr->KeyClass) {
127	case CSSM_KEYCLASS_PUBLIC_KEY:
128	switch(hdr->Format) {
129	case CSSM_KEYBLOB_RAW_FORMAT_PKCS3:
130	case CSSM_KEYBLOB_RAW_FORMAT_X509:
131	break;
132	/* openssh real soon now */
133	case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH:
134	default:
135	CssmError::throwMe(
136	CSSMERR_CSP_INVALID_ATTR_PUBLIC_KEY_FORMAT);
137	}
138	isPub = true;
139	break;
140	case CSSM_KEYCLASS_PRIVATE_KEY:
141	switch(hdr->Format) {
142	case CSSM_KEYBLOB_RAW_FORMAT_PKCS3: // default
143	case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: // SMIME style
144	break;
145	/* openssh real soon now */
146	case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH:
147	default:
148	CssmError::throwMe(
149	CSSMERR_CSP_INVALID_ATTR_PRIVATE_KEY_FORMAT);
150	}
151	isPub = false;
152	break;
153	default:
154	CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
155	}
156
157	CSSM_RETURN crtn;
158
159	DH *dhKey = DH_new();
160	if(dhKey == NULL) {
161	crtn = CSSMERR_CSP_MEMORY_ERROR;
162	}
163	else
164	{
165	if(isPub) {
166	crtn = DHPublicKeyDecode(dhKey, hdr->Format,
167	cssmKey.KeyData.Data, cssmKey.KeyData.Length);
168	}
169	else {
170	crtn = DHPrivateKeyDecode(dhKey, hdr->Format,
171	cssmKey.KeyData.Data, cssmKey.KeyData.Length);
172	}
173	}
174
175	if(crtn) {
176	if (dhKey != NULL) {
177	DH_free(dhKey);
178	}
179
180	CssmError::throwMe(crtn);
181	}
182	cspDhDebug("rawCssmKeyToDh, dhKey %p", dhKey);
183	return dhKey;
184	}
185